similar to: icmp traceroute from dmz behind proxy-arp - icmp code 11 ?

Thanks for replying so quickly Guus. I will try increasing the re-keying time to 86400, and am now running the servers in debug 5 mode logging to a file, so will get all output. Its interesting what you say about UDP being given lower priority, the two end points of this VPN are actually within the same data center, but are being routed within the DC's core routers (because its going

Hi, I'm afraid about having find a freebsd 5X security issue. We have recently upgraded one gateway from 4.10 to 5.3... Following network used: [ISP]--xl1--[FW01]-----xl0--em0--[SR01] | |--fxp0--em0--[SR02] On fw01, we have one jail. So fw01 is configured as a bridge on xl1,xl0,fxp0. Services works (before and after upgrade). On 4.10, we used

Hi, I had successfully setup my bridge (br0) but after few minutes the br0 interface seems not working. ifconfig eth0 0.0.0.0 ifconfig eth5 0.0.0.0 brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth5 brctl stp br0 on I check on my system's /var/log/syslog file. It shows something strange messages as below: - Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)

Hi All, >From the documentation I have read on Shorewall, the preferred approach seems to be, to use Proxy ARP instead of Static NAT for hosting web servers in the DMZ Zone. But I have also read that this could cause problems for VPN configurations. I essentially have multiple public IP''s, which I want to map to private addresses in the DMZ. I also intend to setup a gateway between 2

I have a DomU as a firewall (using the Dom0 kernel). I hid the three nics from Dom0 and assigned them to the firewall VM. The firewall VM sees the three nics no problem. Eth0 comes up and grabs an IP automatically from my DHCP server, however eth1 and eth2 are configured with static IPs but they do not come up with an IP: Here is my ''ifconfig'': [root@fw01 ~]# ifconfig eth0

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

Hi, I am setting up a firewall on CENTOS 4.4. I have done default block iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP I have enabled ICMP to www.google.com iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT Ping works fine as below [root at firebox rc.d]# ping 64.233.189.104 PING 64.233.189.104 (

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I've got this strange thing: I setup a openvpn link between two openwrts. NetA: 192.168.2.0/24 NetB: 192.168.0.0/24 In netA there is a mail server + DNS: 192.168.2.44, with domain name branch.abc.com In netB there is a mail server + DNS: 192.168.0.44, with domain name abc.com I setup both DNS server to be a slave server of each other

Neil, Doesn't look like my original message made it to the mailing list so here you are. ---------- Forwarded Message ---------- Subject: Re: Fwd: [CentOS] HOW to enable traceroute with IPTABLES Date: Sat February 17 2007 10:07 From: Robert Spangler <lazydog at zoominternet.net> To: CentOS mailing list <centos at centos.org> On Sat February 17 2007 03:11, Indunil Jayasooriya

Is there a traceroute equivalent in the VoIP world? I would like to see the route a call takes after it gets to the gateway. Basically showing all the hops until it reaches it's destination or PSTN termination. -Dave

Seems like the message got filtered on BUGTRAQ, I'd still think at least some of the people on this list may have an interest in parts of the data below. Cheers. ---------- Forwarded message ---------- Date: Sat, 29 Jul 2000 06:11:54 +0300 (EET DST) From: Ville <viha@cryptlink.net> To: bugtraq@securityfocus.com Subject: Linux traceroute (oddness & localhost memory-alloc) Hi.

My Linux workstation (Mandrake 10.1 kernel 2.6.8.1) is dual-homed to two ADSL Internet providers. Card eth0 (192.168.9.250) is the default route and leads to an SMC router (192.168.9.254). Card eth1 (192.168.1.250) leads to a Linksys router (192.168.1.1). I''m not doing any NAT or PPPoE in the workstation - the SMC and Linksys handle it all. I know four commands that let you set an IP

Hello, I''m having a very strange problem concerning traceroute and routing and didn''t know if lartc or netfilter would be the correct choice for asking. (so sorry if my question is misplaced) I have the following setup: public ip -- gw1 -- 172.16.0.1 --- 172.16.0.2/and public ip''s --- gw2 --- switch --users (public and private ip addresses; ip-user-pub) from the

CentOS Errata and Enhancement Advisory 2011:0469 Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-0469.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 8d044975056f6e1f7485a62cd8309f49 traceroute-2.0.1-6.el5.i386.rpm Source: 12a273e76a16f11869981bde05d35831 traceroute-2.0.1-6.el5.src.rpm -- Johnny Hughes

CentOS Errata and Enhancement Advisory 2011:0469 Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-0469.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 55faf2478a5db7379ef455523f2e0cad traceroute-2.0.1-6.el5.x86_64.rpm Source: 12a273e76a16f11869981bde05d35831 traceroute-2.0.1-6.el5.src.rpm -- Johnny

CentOS Errata and Bugfix Advisory 2011:0469 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-0469.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: f6e26bd969eaa53861500b22804f140a traceroute-2.0.1-6.el5.i386.rpm Source: a44d3ee8852b4931e777680e97602cc4 traceroute-2.0.1-6.el5.src.rpm -- Karanbir Singh

CentOS Errata and Bugfix Advisory 2011:0469 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-0469.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 9b2f0df9e44e596cec2585e413847f8d traceroute-2.0.1-6.el5.x86_64.rpm Source: a44d3ee8852b4931e777680e97602cc4 traceroute-2.0.1-6.el5.src.rpm -- Karanbir

Hi all, That issue is over now. I found why my ESTABLISHED,RELATED rule at the top of INPUT chain did not work for udp and icmp. The reason was I have included the protocol as tcp as below iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT I removed -p tcp from above rule. Now it works for all protocols. Thanks for your support. ---------- Forwarded message

Hi everybody, Right now, we are blocking pings and traceroutes to our website. But, in order for our members to test the connection when they are experiencing slow browsing, we are thinking about unblocking them... Are there still any security issues (flooding, etc...) in enabling them or is that an old problem fixed a long time ago? Thanks, JD